STSLoginModules

This page describes the login modules (LMs) that integrate with PicketLink STS.

STSIssuingLoginModule

This is a JAAS LM for PicketLink STS (Security Token Service) that issues security tokens. This LM expects to be created with a callback handler that can handle a NameCallback and a PasswordCallback, which should match the username and password of the user for whom a security token will be issued.

Configuration properties

endpointURI: The ultimate recipient of the token. This will be set as the AppliesTo for the RequestSecurityToken. This is an optional configuration property.

tokenType: The type of security token to be issued.

STSValidatingLoginModule

This is a JAAS LoginModule for PicketLink STS (Security Token Service) that validates security tokens. This LoginModule only performs validation of existing SAML Assertions and does not issue any such Assertions.

Configuration properties

configFile: The configuration for the underlying STSClient.

JAAS Callbacks and stacked Login Modules

This section describes the callback required by these LMs and also the options for stacking login modules. The following options are available for retrieving username/credentials for the LMs described in this page:

This configuration could be used in situations where the token validation is done without regard to the username/credentials used to authenticate with PicketLinkSTS. An example of this could be where the validation is done only using the digital signature of the security token.

Password stacking can be configured, which means that a login module configured with 'password-stacking' set to 'true' will set the username and password in the shared state map. Login modules that come after it can set 'password-stacking' to 'useFirstPass', which means that the login module will use the username and password from the shared map.